Zum Hauptteil springen

Introducing API History (GSoC 2024)

· Die Lesezeit beträgt 7 min

Historical changes to Electron APIs will now be detailed in the docs.


Hi 👋, I'm Peter, the 2024 Google Summer of Code (GSoC) contributor to Electron.

Over the course of the GSoC program, I implemented an API history feature for the Electron documentation and its functions, classes, etc. in a similar fashion to the Node.js documentation: by allowing the use of a simple but powerful YAML schema in the API documentation Markdown files and displaying it nicely on the Electron documentation website.

Electron 32.0.0

· Die Lesezeit beträgt 4 min

Electron 32.0.0 wurde veröffentlicht! It includes upgrades to Chromium 128.0.6613.36, V8 12.8, and Node 20.16.0.


Das Electron-Team freut sich, die Veröffentlichung von Electron 32.0.0 ankündigen zu können! Sie können es mit npm über npm electron@latest installieren oder von unserer Releases-Website herunterladen. Lesen Sie weiter für Details zu dieser Version.

Wenn Sie Feedback haben, teilen Sie es uns bitte auf Twitter oder Mastodon mit oder treten Sie unserem Community-Discord bei! Bugs und Feature-Anfragen können im Issue-Tracker von Electron gemeldet werden.

Bemerkenswerte Änderungen

Highlights

  • Added new API version history in our documentation, a feature created by @piotrpdev as part of Google Summer of Code. You can learn more about it in this blog post. #42982
  • Removed nonstandard File.path extension from the Web File API. #42053
  • Aligned failure pathway in Web File System API with upstream when attempting to open a file or directory in a blocked path. #42993
  • Added the following existing navigation-related APIs to webcontents.navigationHistory: canGoBack, goBack, canGoForward, goForward, canGoToOffset, goToOffset, clear. The previous navigation APIs are now deprecated. #41752

Stack-Änderungen

Electron 32 upgrades Chromium from 126.0.6478.36 to 128.0.6613.36, Node from 20.14.0 to 20.16.0, and V8 from 12.6 to 12.8.

Neue Funktionen

  • Added support for responding to auth requests initiated from the utility process via the app module's 'login' event. #43317
  • Added the cumulativeCPUUsage property to the CPUUsage structure, which returns the total seconds of CPU time used since process startup. #41819
  • Added the following existing navigation related APIs to webContents.navigationHistory: canGoBack, goBack, canGoForward, goForward, canGoToOffset, goToOffset, clear. #41752
  • Extended WebContentsView to accept pre-existing webContents objects. #42086
  • Added a new property prefersReducedTransparency to nativeTheme, which indicates whether the user has chosen to reduce OS-level transparency via system accessibility settings. #43137
  • Aligned failure pathway in File System Access API with upstream when attempting to open a file or directory in a blocked path. #42993
  • Enabled the Windows Control Overlay API on Linux. #42681
  • Enabled zstd compression in network requests. #43300

Breaking Changes

Removed: File.path

The nonstandard path property of the Web File object was added in an early version of Electron as a convenience method for working with native files when doing everything in the renderer was more common. However, it represents a deviation from the standard and poses a minor security risk as well, so beginning in Electron 32.0 it has been removed in favor of the webUtils.getPathForFile method.

// Before (renderer)
const file = document.querySelector('input[type=file]');
alert(`Uploaded file path was: ${file.path}`);
// After (renderer)
const file = document.querySelector('input[type=file]');
electron.showFilePath(file);

// After (preload)
const { contextBridge, webUtils } = require('electron');

contextBridge.exposeInMainWorld('electron', {
showFilePath(file) {
// It's best not to expose the full file path to the web content if
// possible.
const path = webUtils.getPathForFile(file);
alert(`Uploaded file path was: ${path}`);
},
});

Deprecated: clearHistory, canGoBack, goBack, canGoForward, goForward, goToIndex, canGoToOffset, goToOffset on WebContents

Navigation-related APIs on WebContents instances are now deprecated. These APIs have been moved to the navigationHistory property of WebContents to provide a more structured and intuitive interface for managing navigation history.

// Deprecated
win.webContents.clearHistory();
win.webContents.canGoBack();
win.webContents.goBack();
win.webContents.canGoForward();
win.webContents.goForward();
win.webContents.goToIndex(index);
win.webContents.canGoToOffset();
win.webContents.goToOffset(index);

// Replace with
win.webContents.navigationHistory.clear();
win.webContents.navigationHistory.canGoBack();
win.webContents.navigationHistory.goBack();
win.webContents.navigationHistory.canGoForward();
win.webContents.navigationHistory.goForward();
win.webContents.navigationHistory.canGoToOffset();
win.webContents.navigationHistory.goToOffset(index);

End of Support for 29.x.y

Electron 29.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

E32 (Aug'24)E33 (Oct'24)E34 (Jan'25)
32.x.y33.x.y34.x.y
31.x.y32.x.y33.x.y
30.x.y31.x.y32.x.y

What's Next

In the short term, you can expect the team to continue to focus on keeping up with the development of the major components that make up Electron, including Chromium, Node, and V8.

Sie können die öffentliche Zeitleiste von Electron hier finden.

Weitere Informationen über zukünftige Änderungen können auf der Geplante Breaking Changes Seite gefunden werden.

Electron 31.0.0

· Die Lesezeit beträgt 3 min

Electron 31.0.0 wurde veröffentlicht! It includes upgrades to Chromium 126.0.6478.36, V8 12.6, and Node 20.14.0.


Das Electron-Team freut sich, die Veröffentlichung von Electron 31.0.0 ankündigen zu können! Sie können es mit npm über npm electron@latest installieren oder von unserer Releases-Website herunterladen. Lesen Sie weiter für Details zu dieser Version.

Wenn Sie Feedback haben, teilen Sie es uns bitte auf Twitter oder Mastodon mit oder treten Sie unserem Community-Discord bei! Bugs und Feature-Anfragen können im Issue-Tracker von Electron gemeldet werden.

Bemerkenswerte Änderungen

Highlights

  • Extended WebContentsView to accept pre-existing webContents object. #42319
  • Added support for NODE_EXTRA_CA_CERTS. #41689
  • Updated window.flashFrame(bool) to flash continuously on macOS. #41391
  • Removed WebSQL support #41868
  • nativeImage.toDataURL will preserve PNG colorspace #41610
  • Extended webContents.setWindowOpenHandler to support manual creation of BrowserWindow. #41432

Stack-Änderungen

Electron 31 upgrades Chromium from 124.0.6367.49 to 126.0.6478.36, Node from 20.11.1 to 20.14.0, and V8 from 12.4 to 12.6.

Neue Funktionen

  • Added clearData method to Session. #40983
    • Added options parameter to Session.clearData API. #41355
  • Added support for Bluetooth ports being requested by service class ID in navigator.serial. #41638
  • Added support for Node's NODE_EXTRA_CA_CERTS environment variable. #41689
  • Extended webContents.setWindowOpenHandler to support manual creation of BrowserWindow. #41432
  • Implemented support for the web standard File System API. #41419
  • Extended WebContentsView to accept pre-existing WebContents instances. #42319
  • Added a new instance property navigationHistory on webContents API with navigationHistory.getEntryAtIndex method, enabling applications to retrieve the URL and title of any navigation entry within the browsing history. #41577 (Also in 29, 30)

Breaking Changes

Removed: WebSQL support

Chromium has removed support for WebSQL upstream, transitioning it to Android only. See Chromium's intent to remove discussion for more information.

Behavior Changed: nativeImage.toDataURL will preseve PNG colorspace

PNG decoder implementation has been changed to preserve colorspace data. The encoded data returned from this function now matches it.

See crbug.com/332584706 for more information.

Behavior Changed: win.flashFrame(bool) will flash dock icon continuously on macOS

This brings the behavior to parity with Windows and Linux. Prior behavior: The first flashFrame(true) bounces the dock icon only once (using the NSInformationalRequest level) and flashFrame(false) does nothing. New behavior: Flash continuously until flashFrame(false) is called. This uses the NSCriticalRequest level instead. To explicitly use NSInformationalRequest to cause a single dock icon bounce, it is still possible to use dock.bounce('informational').

Ende der Unterstützung für 28.x.y

Electron 28.x.y hat das Ende des Supports gemäß der Support-Richtlinie des Projekts erreicht. Developers and applications are encouraged to upgrade to a newer version of Electron.

E31 (Jun'24)E32 (Aug'24)E33 (Oct'24)
31.x.y32.x.y33.x.y
30.x.y31.x.y32.x.y
28.x.y29.x.y31.x.y

What's Next

In the short term, you can expect the team to continue to focus on keeping up with the development of the major components that make up Electron, including Chromium, Node, and V8.

Sie können die öffentliche Zeitleiste von Electron hier finden.

Weitere Informationen über zukünftige Änderungen können auf der Geplante Breaking Changes Seite gefunden werden.

Electron 30.0.0

· Die Lesezeit beträgt 4 min

Electron 30.0.0 wurde veröffentlicht! It includes upgrades to Chromium 124.0.6367.49, V8 12.4, and Node.js 20.11.1.


Das Electron-Team freut sich, die Veröffentlichung von Electron 30.0.0 ankündigen zu können! Sie können es mit npm über npm electron@latest installieren oder von unserer Releases-Website herunterladen. Lesen Sie weiter für Details zu dieser Version.

Wenn Sie Feedback haben, teilen Sie es uns bitte auf Twitter oder Mastodon mit oder treten Sie unserem Community-Discord bei! Bugs und Feature-Anfragen können im Issue-Tracker von Electron gemeldet werden.

Bemerkenswerte Änderungen

Highlights

  • ASAR Integrity fuse now supported on Windows (#40504)
    • Existing apps with ASAR Integrity enabled may not work on Windows if not configured correctly. Apps using Electron packaging tools should upgrade to @electron/packager@18.3.1 or @electron/forge@7.4.0.
    • Take a look at our ASAR Integrity tutorial for more information.
  • Added WebContentsView and BaseWindow main process modules, deprecating & replacing BrowserView (#35658)
    • BrowserView is now a shim over WebContentsView and the old implementation has been removed.
    • See our Web Embeds documentation for a comparison of the new WebContentsView API to other similar APIs.
  • Implemented support for the File System API (#41827)

Stack-Änderungen

Electron 30 upgrades Chromium from 122.0.6261.39 to 124.0.6367.49, Node from 20.9.0 to 20.11.1, and V8 from 12.2 to 12.4.

Neue Funktionen

  • Added a transparent webpreference to webviews. (#40301)
  • Added a new instance property navigationHistory on webContents API with navigationHistory.getEntryAtIndex method, enabling applications to retrieve the URL and title of any navigation entry within the browsing history. (#41662)
  • Added new BrowserWindow.isOccluded() method to allow apps to check occlusion status. (#38982)
  • Added proxy configuring support for requests made with the net module from the utility process. (#41417)
  • Added support for Bluetooth ports being requested by service class ID in navigator.serial. (#41734)
  • Added support for the Node.js NODE_EXTRA_CA_CERTS CLI flag. (#41822)

Breaking Changes

Behavior Changed: cross-origin iframes now use Permission Policy to access features

Cross-origin iframes must now specify features available to a given iframe via the allow attribute in order to access them.

See documentation for more information.

Removed: The --disable-color-correct-rendering command line switch

This switch was never formally documented but its removal is being noted here regardless. Chromium itself now has better support for color spaces so this flag should not be needed.

Behavior Changed: BrowserView.setAutoResize behavior on macOS

In Electron 30, BrowserView is now a wrapper around the new WebContentsView API.

Previously, the setAutoResize function of the BrowserView API was backed by autoresizing on macOS, and by a custom algorithm on Windows and Linux. For simple use cases such as making a BrowserView fill the entire window, the behavior of these two approaches was identical. However, in more advanced cases, BrowserViews would be autoresized differently on macOS than they would be on other platforms, as the custom resizing algorithm for Windows and Linux did not perfectly match the behavior of macOS's autoresizing API. The autoresizing behavior is now standardized across all platforms.

If your app uses BrowserView.setAutoResize to do anything more complex than making a BrowserView fill the entire window, it's likely you already had custom logic in place to handle this difference in behavior on macOS. If so, that logic will no longer be needed in Electron 30 as autoresizing behavior is consistent.

Removed: params.inputFormType property on context-menu on WebContents

The inputFormType property of the params object in the context-menu event from WebContents has been removed. Use the new formControlType property instead.

Entfernt: process.getIOCounters()

Chromium has removed access to this information.

Ende der Unterstützung für 27.x.y

Electron 27.x.y hat das Ende des Supports gemäß der Support-Richtlinie des Projekts erreicht. Developers and applications are encouraged to upgrade to a newer version of Electron.

E30 (Apr'24)E31 (Jun'24)E32 (Aug'24)
30.x.y31.x.y32.x.y
29.x.y30.x.y31.x.y
28.x.y29.x.y30.x.y

What's Next

In the short term, you can expect the team to continue to focus on keeping up with the development of the major components that make up Electron, including Chromium, Node, and V8.

Sie können die öffentliche Zeitleiste von Electron hier finden.

Weitere Informationen über zukünftige Änderungen können auf der Geplante Breaking Changes Seite gefunden werden.

Google Summer of Code 2024

· Die Lesezeit beträgt 4 min

We are excited to announce that Electron has been accepted as a mentoring organization for the 20th edition of Google Summer of Code (GSoC) 2024! Google Summer of Code is a global program focused on bringing new contributors into open source software development.

For more program details, check out Google’s Summer of Code homepage.

About us

Electron is a JavaScript framework for building cross-platform desktop applications using web technologies. The core Electron framework is a compiled binary executable built with Chromium and Node.js, and is mostly written in C++.

Outside of Electron core, we also work on a variety of projects to help sustain the Electron organization, such as:

As a Summer of Code contributor, you would be collaborating with some of Electron’s core contributors on one of many projects under the github.com/electron umbrella.

Before applying

If you aren’t very familiar with Electron, we would recommend you start by reading the documentation and trying out examples in Electron Fiddle.

To learn more about Electron app distribution, you can also play around with Electron Forge by creating a sample application:

npm init electron-app@latest my-app

After familiarizing yourself with the code a bit, come join the conversation on the Electron Discord server.

info

If this is your first time participating in Google Summer of Code or if you’re new to open source in general, we recommend reading Google’s Contributor Guide as a first step before engaging with the community.

Drafting your proposal

Interested in collaborating with Electron? First, check out the seven project idea drafts that we have prepared. Alle aufgeführten Ideen sind derzeit offen für Vorschläge.

Have a different idea you’d like us to consider? We’re also open to accepting new ideas that are not on the proposed project list, but make sure your approach is thoroughly outlined and detailed. When in doubt, we recommend sticking with our listed ideas.

Ihre Bewerbung sollte beinhalten:

  • Your proposal: a written document that describes in detail what you plan to achieve over the course of the summer.
  • Dein Hintergrund als Entwickler. If you have a resume, please include a copy. Otherwise, tell us about your past technical experience.
    • Lack of experience in certain areas won’t disqualify you, but it will help our mentors work out a plan to best support you and make sure your summer project is successful.

A detailed guide of what to submit as part of your Electron application is here. Submit proposals directly to the Google Summer of Code portal. Note that proposals emailed to the Electron team rather than submitted through the application portal will not be considered as a final submission.

If you want more guidance on your proposal or are unsure of what to include, we also recommend that you follow the official Google Summer of Code proposal writing advice here.

Applications open on March 18th, 2024 and close on April 2nd, 2024.

info

Our 2022 Google Summer of Code intern, @aryanshridhar, did an amazing job! If you want to see what Aryan worked on during his summer with Electron, you can read his report in the 2022 GSoC program archives.

Fragen?

If you have questions we didn’t address in the blog post or inquiries for your proposal draft, please send us an email at summer-of-code@electronjs.org or check GSoC FAQ!

Ressourcen

Electron 29.0.0

· Die Lesezeit beträgt 4 min

Electron 29.0.0 wurde veröffentlicht! It includes upgrades to Chromium 122.0.6261.39, V8 12.2, and Node.js 20.9.0.


Das Electron-Team freut sich, die Veröffentlichung von Electron 29.0.0 ankündigen zu können! Sie können es mit npm über npm electron@latest installieren oder von unserer Releases-Website herunterladen. Lesen Sie weiter für Details zu dieser Version.

Wenn Sie Feedback haben, teilen Sie es uns bitte auf Twitter oder Mastodon mit oder treten Sie unserem Community-Discord bei! Bugs und Feature-Anfragen können im Issue-Tracker von Electron gemeldet werden.

Bemerkenswerte Änderungen

Highlights

  • Added a new top-level webUtils module, a renderer process module that provides a utility layer to interact with Web API objects. The first available API in the module is webUtils.getPathForFile. Electron's previous File.path augmentation was a deviation from web standards; this new API is more in line with current web standards behavior.

Stack-Änderungen

Electron 29 upgrades Chromium from 120.0.6099.56 to 122.0.6261.39, Node from 18.18.2 to 20.9.0, and V8 from 12.0 to 12.2.

Neue Funktionen

  • Added new webUtils module, a utility layer to interact with Web API objects, to replace File.path augmentation. #38776
  • Added net module to utility process. #40890
  • Added a new Electron Fuse, grantFileProtocolExtraPrivileges, that opts the file:// protocol into more secure and restrictive behaviour that matches Chromium. #40372
  • Added an option in protocol.registerSchemesAsPrivileged to allow V8 code cache in custom schemes. #40544
  • Migrated app.{set|get}LoginItemSettings(settings) to use Apple's new recommended underlying framework on macOS 13.0+. #37244

Breaking Changes

Behavior Changed: ipcRenderer can no longer be sent over the contextBridge

Attempting to send the entire ipcRenderer module as an object over the contextBridge will now result in an empty object on the receiving side of the bridge. This change was made to remove / mitigate a security footgun. You should not directly expose ipcRenderer or its methods over the bridge. Instead, provide a safe wrapper like below:

contextBridge.exposeInMainWorld('app', {
onEvent: (cb) => ipcRenderer.on('foo', (e, ...args) => cb(args)),
});

Removed: renderer-process-crashed event on app

The renderer-process-crashed event on app has been removed. Use the new render-process-gone event instead.

// Removed
app.on('renderer-process-crashed', (event, webContents, killed) => {
/* ... */
});

// Replace with
app.on('render-process-gone', (event, webContents, details) => {
/* ... */
});

Removed: crashed event on WebContents and <webview>

The crashed events on WebContents and <webview> have been removed. Use the new render-process-gone event instead.

// Removed
win.webContents.on('crashed', (event, killed) => {
/* ... */
});
webview.addEventListener('crashed', (event) => {
/* ... */
});

// Replace with
win.webContents.on('render-process-gone', (event, details) => {
/* ... */
});
webview.addEventListener('render-process-gone', (event) => {
/* ... */
});

Removed: gpu-process-crashed event on app

The gpu-process-crashed event on app has been removed. Use the new child-process-gone event instead.

// Removed
app.on('gpu-process-crashed', (event, killed) => {
/* ... */
});

// Replace with
app.on('child-process-gone', (event, details) => {
/* ... */
});

Ende der Unterstützung für 26.x.y

Electron 26.x.y hat das Ende des Supports gemäß der Support-Richtlinie des Projekts erreicht. Developers and applications are encouraged to upgrade to a newer version of Electron.

E29 (Feb'24)E30 (Apr'24)E31 (Jun'24)
29.x.y30.x.y31.x.y
28.x.y29.x.y30.x.y
27.x.y28.x.y29.x.y

What's Next

Did you know that Electron recently added a community Request for Comments (RFC) process? If you want to add a feature to the framework, RFCs can be a useful tool to start a dialogue with maintainers on its design. You can also see upcoming changes being discussed in the Pull Requests. To learn more, check out our Introducing electron/rfcs blog post, or check out the README of the electron/rfcs repository directly.

In the short term, you can expect the team to continue to focus on keeping up with the development of the major components that make up Electron, including Chromium, Node, and V8.

Sie können die öffentliche Zeitleiste von Electron hier finden.

Weitere Informationen über zukünftige Änderungen können auf der Geplante Breaking Changes Seite gefunden werden.

Introducing electron/rfcs

· Die Lesezeit beträgt 3 min

Electron’s API Working Group is adopting an open Requests for Comments (RFC) process to help shepherd larger changes to Electron core.

Why RFCs?

In short, we want to smooth out the process of landing significant changes to Electron core.

Currently, new code changes are mostly discussed through issues and pull requests on GitHub. For most changes to Electron, this is a good system. Many bug fixes, documentation changes, and even new features are straightforward enough to review and merge asynchronously through standard GitHub flows.

For changes that are more significant—for instance, large API surfaces or breaking changes that would affect the majority of Electron apps—it makes sense for review to happen at the ideation stage before most of the code is written.

This process is designed to be open to the public, which will also make it easier for the open source community at large to give feedback on potential changes before they land in Electron.

Wie funktioniert das?

The entire RFC process lives in the electron/rfcs repository on GitHub. The steps are described in detail in the repository README.

In brief, an RFC is Proposed once a PR is made to the electron/rfcs repository. A Proposed RFC becomes:

  • Active when the PR is merged into the main branch of the repository, which means that Electron maintainers are amenable to an implementation in electron/electron, or
  • Declined if the PR is ultimately rejected.
info

For the RFC to become Active, the PR must be approved by at least 2 API Working Group members. Before merging, the RFC should be presented synchronously and accepted unanimously by a quorum of at least two-thirds of the WG members. If consensus is reached, a one-month final comment period will be triggered, after which the PR will be merged.

An Active RFC is Completed if the implementation has been merged into electron/electron.

Who can participate?

Anyone in the Electron community can submit RFCs or leave feedback on the electron/rfcs repository!

We wanted to make this process a two-way dialogue and encourage community participation to get a diverse set of opinions from Electron apps that might consume these APIs in the future. If you’re interested in leaving feedback on currently proposed RFCs, the Electron maintainers have already created a few:

Credits

Electron's RFC process was modeled on many established open source RFC processes. Inspiration for many ideas and major portions of copywriting go to:

Statement regarding "runAsNode" CVEs

· Die Lesezeit beträgt 4 min

Earlier today, the Electron team was alerted to several public CVEs recently filed against several notable Electron apps. The CVEs are related to two of Electron’s fuses - runAsNode and enableNodeCliInspectArguments - and incorrectly claim that a remote attacker is able to execute arbitrary code via these components if they have not been actively disabled.

We do not believe that these CVEs were filed in good faith. First of all, the statement is incorrect - the configuration does not enable remote code execution. Secondly, companies called out in these CVEs have not been notified despite having bug bounty programs. Lastly, while we do believe that disabling the components in question enhances app security, we do not believe that the CVEs have been filed with the correct severity. “Critical” is reserved for issues of the highest danger, which is certainly not the case here.

Anyone is able to request a CVE. While this is good for the overall health of the software industry, “farming CVEs” to bolster the reputation of a single security researcher is not helpful.

That said, we understand that the mere existence of a CVE with the scary critical severity might lead to end user confusion, so as a project, we’d like to offer guidance and assistance in dealing with the issue.

How might this impact me?

After reviewing the CVEs, the Electron team believes that these CVEs are not critical.

An attacker needs to already be able to execute arbitrary commands on the machine, either by having physical access to the hardware or by having achieved full remote code execution. This bears repeating: The vulnerability described requires an attacker to already have access to the attacked system.

Chrome, for example, does not consider physically-local attacks in their threat model:

We consider these attacks outside Chrome's threat model, because there is no way for Chrome (or any application) to defend against a malicious user who has managed to log into your device as you, or who can run software with the privileges of your operating system user account. Such an attacker can modify executables and DLLs, change environment variables like PATH, change configuration files, read any data your user account owns, email it to themselves, and so on. Such an attacker has total control over your device, and nothing Chrome can do would provide a serious guarantee of defense. This problem is not special to Chrome ­— all applications must trust the physically-local user.

The exploit described in the CVEs allows an attacker to then use the impacted app as a generic Node.js process with inherited TCC permissions. So if the app, for example, has been granted access to the address book, the attacker can run the app as Node.js and execute arbitrary code which will inherit that address book access. This is commonly known as a “living off the land” attack. Attackers usually use PowerShell, Bash, or similar tools to run arbitrary code.

Am I impacted?

By default, all released versions of Electron have the runAsNode and enableNodeCliInspectArguments features enabled. If you have not turned them off as described in the Electron Fuses documentation, your app is equally vulnerable to being used as a “living off the land” attack. Again, we need to stress that an attacker needs to already be able to execute code and programs on the victim’s machine.

Mitigation

The easiest way to mitigate this issue is to disable the runAsNode fuse within your Electron app. The runAsNode fuse toggles whether the ELECTRON_RUN_AS_NODE environment variable is respected or not. Please see the Electron Fuses documentation for information on how to toggle theses fuses.

Please note that if this fuse is disabled, then process.fork in the main process will not function as expected as it depends on this environment variable to function. Stattdessen empfehlen wir, dass Sie Utility Processes verwenden, welche für viele Anwendungsfälle funktionieren, in denen Sie einen eigenständigen Node.js-Prozess (wie einen Sqlite Server-Prozess oder ähnliche Szenarien) benötigen.

Weitere Informationen über Best Practices für die Sicherheit, die wir für Electron-Anwendungen empfehlen, können Sie in unserer Sicherheitscheckliste finden.

Electron 28.0.0

· Die Lesezeit beträgt 3 min

Electron 28.0.0 wurde veröffentlicht! Es enthält Upgrades auf Chromium 120.0.6099.56, V8 12.0, und Node.js 18.18.2.


Das Electron-Team freut sich, die Veröffentlichung von Electron 28.0.0 ankündigen zu können! Sie können es mit npm über npm electron@latest installieren oder von unserer Releases-Website herunterladen. Lesen Sie weiter für Details zu dieser Version.

Wenn Sie Feedback haben, teilen Sie es uns bitte auf Twitter oder Mastodon mit oder treten Sie unserem Community-Discord bei! Bugs und Feature-Anfragen können im Issue-Tracker von Electron gemeldet werden.

Bemerkenswerte Änderungen

Highlights

  • Unterstützung für ECMAScript Module oder ESM Implementiert (Was sind ECMAScript Module? hier mehr erfahren). Dies beinhaltet die Unterstützung für ESM in Electron selbst sowie Bereiche wie die "UtilityProcess"-API-Einstiegspunkte. Siehe unsere ESM-Dokumentation für weitere Details.
  • Neben ESM-Unterstützung in Electron selbst unterstützt Electron Forge auch die Verwendung von ESM zum Paketieren, Erstellen und Entwickeln von Electron-Anwendungen. Sie können diese Unterstützung in Forge v7.0.0 oder höher finden.

Stack-Änderungen

Neue Funktionen

  • ESM-Unterstützung aktiviert. #37535
  • ESM Einstiegspunkte zur "UtilityProcess" API hinzugefügt. #40047
  • Mehrere Eigenschaften dem display Objekt hinzugefügt, einschließlich detected, maximumCursorSize und nativeOrigin. #40554
  • Unterstützung für die Umgebungsvariable ELECTRON_OZONE_PLATFORM_HINT unter Linux hinzugefügt. #39792

Breaking Changes

Geändertes Verhalten: WebContents.backgroundThrottling auf false gesetzt wirkt sich auf alle WebContents im Host BrowserWindow aus

"WebContents.backgroundThrottling" auf "false" gesetzt deaktiviert Frame Throttling im "BrowserWindow" für alle von diesem angezeigten "WebContents".

Entfernt: BrowserWindow.setTrafficLightPosition(position)

BrowserWindow.setTrafficLightPosition(position) wurde entfernt, die BrowserWindow.setWindowButtonPosition(position) API sollte stattdessen verwendet werden, welche null anstelle von { x: 0, y: 0 } akzeptiert um die Position auf Systemstandard zurückzusetzen.

// Entfernt in Electron 25
win.setTrafficLightPosition({ x: 10, y: 10 });
win.setTrafficLightPosition({ x: 0, y: 0 });

// Ersetzen mit
win.setWindowButtonPosition({ x: 10, y: 10 });
win.setWindowButtonPosition(null);

Entfernt: BrowserWindow.getTrafficLightPosition()

BrowserWindow.getTrafficLightPosition() wurde entfernt, die BrowserWindow.getWindowButtonPosition() API sollte stattdessen verwendet werden, welche null anstelle von { x: 0, y: 0 } zurückgibt, wenn keine benutzerdefinierte Position vorhanden ist.

// Entfernt in Electron 28
const pos = win.getTrafficLightPosition();
if (pos. === 0 && pos.y === 0) {
// Keine benutzerdefinierte Position.
}

// Ersetzen mit
const ret = win. etWindowButtonPosition();
if (ret === null) {
// Keine benutzerdefinierte Position.
}

Entfernt: ipcRenderer.sendTo()

Die API ipcRenderer.sendTo() wurde entfernt. Sie sollte durch das Einrichten eines MessageChannel zwischen den Renderern ersetzt werden.

Die senderId und senderIsMainFrame Eigenschaften von IpcRendererEvent wurden ebenfalls entfernt.

Entfernt: app.runningUnderRosettaTranslation

Die Eigenschaft app.runningUnderRosettaTranslation wurde entfernt. Verwende stattdessen app.runningUnderARM64Translation.

// Entfernt
console.log(app.runningUnderRosettaTranslation)
// Ersetzen durch
console.log(app.runningUnderARM64Translation);

Ende der Unterstützung für 25.x.y

Electron 25.x.y hat das Ende des Supports gemäß der Support-Richtlinie des Projekts erreicht. Developers and applications are encouraged to upgrade to a newer version of Electron.

E28 (Dec'23)E29 (Feb'24)E30 (Apr'24)
28.x.y29.x.y30.x.y
27.x.y28.x.y29.x.y
26.x.y27.x.y28.x.y

What's Next

In the short term, you can expect the team to continue to focus on keeping up with the development of the major components that make up Electron, including Chromium, Node, and V8.

Sie können die öffentliche Zeitleiste von Electron hier finden.

Weitere Informationen über zukünftige Änderungen können auf der Geplante Breaking Changes Seite gefunden werden.

Ecosystem 2023 Recap

· Die Lesezeit beträgt 5 min

Reflecting on the improvements and changes in Electron's developer ecosystem in 2023.


In the past few months, we've been cooking up some changes across the Electron ecosystem to supercharge the developer experience for Electron apps! Here’s a swift rundown of the latest additions straight from Electron HQ.

Electron Forge 7 and beyond

Electron Forge 7 — the newest major version of our all-in-one tool for packaging and distributing Electron applications — is now available.

While Forge 6 was a complete rewrite from v5, v7 is smaller in scope but still contains a few breaking changes. Going forward, we will continue to publish major versions of Forge as breaking changes need to be made.

For more details, see the full Forge v7.0.0 changelog on GitHub.

Wichtige Änderungen

  • Switched to notarytool for macOS notarization: As of 2023-11-01, Apple sunset the legacy altool for macOS notarization, and this release removes it from Electron Forge entirely.
  • Minimum Node.js increased to v16.4.0: With this release, we’ve set the minimum required Node.js version to 16.4.0.
  • Dropped support for electron-prebuilt and electron-prebuilt-compile: electron-prebuilt was the original name for Electron’s npm module, but was replaced by electron in v1.3.1. electron-prebuilt-compile was an alternative to that binary that came with enhanced DX features, but was eventually abandoned as a project.

Highlights

  • Google Cloud Storage publisher: As part of our push to better support static auto updating, Electron Forge now supports publishing directly to Google Cloud Storage!
  • ESM forge.config.js support: Electron Forge now supports ESM forge.config.js files. (P.S. Look forward to ESM entrypoint support in Electron 28.)
  • Makers now run in parallel: In Electron Forge 6, Makers ran sequentially for ✨ legacy ✨ reasons. Since then, we’ve tested out parallelization for the Make step with no adverse side effects, so you should see a speed-up when building multiple targets for the same platform!
Thank you!

🙇 Big thanks to mahnunchik for the contributions for both the GCS Publisher and ESM support in Forge configurations!

Better static storage auto updates

Squirrel.Windows and Squirrel.Mac are platform-specific updater technologies that back Electron’s built-in autoUpdater module. Both projects support auto updates via two methods:

  • A Squirrel-compatible update server
  • A manifest URL hosted on a static storage provider (e.g. AWS, Google Cloud Platform, Microsoft Azure, etc.)

The update server method has traditionally been the recommended approach for Electron apps (and provides additional customization of update logic), but it has a major downside—it requires apps to maintain their own server instance if they are closed-source.

On the other hand, the static storage method has always been possible, but was undocumented within Electron and poorly supported across Electron tooling packages.

With some great work from @MarshallOfSound, the update story for serverless automatic app updates has been drastically streamlined:

  • Electron Forge’s Zip and Squirrel.Windows makers can now be configured to output autoUpdater-compatible update manifests.
  • A new major version of update-electron-app (v2.0.0) can now read these generated manifests as an alternative to the update.electronjs.org server.

Once your Makers and Publishers are configured to upload update manifests to cloud file storage, you can enable auto updates with only a few lines of configuration:

const { updateElectronApp, UpdateSourceType } = require('update-electron-app');

updateElectronApp({
updateSource: {
type: UpdateSourceType.StaticStorage,
baseUrl: `https://my-manifest.url/${process.platform}/${process.arch}`,
},
});
Weiterführende Informationen

📦 Want to learn more? For a detailed guide, see Forge’s auto update documentation.

The @electron/ extended universe

When Electron first started, the community published many packages to enhance the experience of developing, packaging, and distributing Electron apps. Over time, many of these packages were incorporated into Electron’s GitHub organization, with the core team taking on the maintenance burden.

In 2022, we began unifying all these first-party tools under the @electron/ namespace on npm. This change means that packages that used to be electron-foo are now @electron/foo on npm, and repositories that used to be named electron/electron-foo are now electron/foo on GitHub. These changes help clearly delineate first-party projects from userland projects. This includes many commonly used packages, such as:

  • @electron/asar
  • @electron/fuses
  • @electron/get
  • @electron/notarize
  • @electron/osx-sign
  • @electron/packager
  • @electron/rebuild
  • @electron/remote
  • @electron/symbolicate-mac
  • @electron/universal

Going forward, all first-party packages we release will also be in the @electron/ namespace. There are two exceptions to this rule:

  • Electron core will continue to be published under the electron package.
  • Electron Forge will continue to publish all of its monorepo packages under the @electron-forge/ namespace.
Star seeking

⭐ During this process, we also accidentally took the electron/packager repository private, which has the unfortunate side effect of erasing our GitHub star count (over 9000 before the erasure). If you are an active user of Packager, we’d appreciate a ⭐ Star ⭐!

Introducing @electron/windows-sign

Starting on 2023-06-01, industry standards began requiring keys for Windows code signing certificates to be stored on FIPS-compliant hardware.

In practice, this meant that code signing became a lot harder for apps that build and sign in CI environments, since many Electron tools take in a certificate file and password as config parameters and attempt to sign from there using hardcoded logic.

This situation has been a common pain point for Electron developers, which is why we have been working on a better solution that isolates Windows code signing into its own standalone step, similar to what @electron/osx-sign does on macOS.

In the future, we plan on fully integrating this package into the Electron Forge toolchain, but it currently lives on its own. The package is currently available for installation at npm install --save-dev @electron/windows-sign and can used programmatically or via CLI.

Please try it out and give us your feedback in the repo’s issue tracker!

What's next?

We'll be entering our annual December quiet period next month. While we do, we'll be thinking about how we can make the Electron development experience even better in 2024.

Is there anything you'd like to see us work on next? Gib uns Bescheid!